SOLVED

Azure AD role to permit non global admins to "grant permissions" to Read Directory Data in their app

Hello,

We have a subscription tied to our Azure tenant and have developers writing apps there. When they are setting up the app registration in Azure, they have to wander over to the global admin team and ask us to click the "grant permissions" button to enable access to 'Read directory data' for their app. Is there an Azure role that we can put those developers in for them to be able to 'Grant Permissions' for Reading Azure AD directory data for their app? Or does the role "global admin" only provide that ability? There is a complaint that this step of involving the global admins is tedious and time-consuming to find someone to grant perms on a timely basis (and our GA users are sparse).

I've played around with application administrator, application developer, and cloud application admin roles, but none of those worked. Unless as they develop their app they have to do something special?

 

Thanks in advance for any advice, suggestions, resolutions.

Gina

2 Replies
best response confirmed by Gina Komoroske (Copper Contributor)
Solution

Hello Gina,

Currently, there is no method available to allow a particular user to give consent to applications apart from GA, as this is a change that happens at the directory level.

Regards,

Rishabh

 
